Memory Leak Affecting kernel-debug package, versions <0:5.14.0-503.11.1.el9_5


Severity

Recommended
medium

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.04% (5th percentile)

  • Snyk ID: SNYK-RHEL9-KERNELDEBUG-6379609
  • Published: 15 Mar 2024
  • Disclosed: 2 Mar 2024

Introduced: 2 Mar 2024

CVE-2023-52560
CWE-401

How to fix?

Upgrade RHEL:9 kernel-debug to version 0:5.14.0-503.11.1.el9_5 or higher.
This issue was patched in RHSA-2024:9315.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-debug package and not the kernel-debug package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions()

With CONFIG_DAMON_VADDR_KUNIT_TEST=y, CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the memory leak below is detected.

Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), damon_destroy_ctx() is removed, but damon_new_target() and damon_new_region() are still called, so the damon_region which is allocated by kmem_cache_alloc() in damon_new_region() and the damon_target which is allocated by kmalloc in damon_new_target() are not freed. The damon_region which is allocated in damon_new_region() in damon_set_regions() is also not freed.

So use damon_destroy_target to free all the damon_regions and damon_target.

unreferenced object 0xffff888107c9a940 (size 64):
  comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk
    60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff  `...............
  backtrace:
    [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0
    [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0
    [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0
    [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff8881079cc740 (size 56):
  comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s)
  hex dump (first 32 bytes):
    05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................
    6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk
  backtrace:
    [<ffffffff819bc492>] damon_new_region+0x22/0x1c0
    [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0
    [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff888107c9ac40 (size 64):
  comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b  ............kkkk
    a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff  ........x.v.....
  backtrace:
    [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0
    [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0
    [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0
    [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20
unreferenced object 0xffff8881079ccc80 (size 56):
  comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s)
  hex dump (first 32 bytes):
    05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00  ................
    6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b  kkkkkkkk....kkkk
  backtrace:
    [<ffffffff819bc492>] damon_new_region+0x22/0x1c0
    [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0
    [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260
    [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90
    [<ffffffff81237cf6>] kthread+0x2b6/0x380
    [<ffffffff81097add>] ret_from_fork+0x2d/0x70
    [<ffff

---truncated---
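
The ownership problem described in the commit message above, as an added example that is not part of the advisory or the kernel source: a simplified userspace C model in which a target owns a list of regions. The struct layouts, the `live_objects` counter and `run_case()` are constructed for illustration; only the idea that destroying the target frees all of its regions comes from the description.

```c
/* Userspace model of the ownership pattern; not kernel code.
 * Names echo the advisory; bodies and the counter are constructed. */
#include <stdio.h>
#include <stdlib.h>

static int live_objects;            /* stand-in for what kmemleak tracks */

struct region { unsigned long start, end; struct region *next; };
struct target { struct region *regions; };

static void *tracked_alloc(size_t n) { void *p = calloc(1, n); if (p) live_objects++; return p; }
static void tracked_free(void *p) { if (p) { live_objects--; free(p); } }

static struct target *new_target(void) { return tracked_alloc(sizeof(struct target)); }

static int add_region(struct target *t, unsigned long start, unsigned long end)
{
    struct region *r = tracked_alloc(sizeof(*r));
    if (!r) return -1;
    r->start = start; r->end = end;
    r->next = t->regions; t->regions = r;   /* the target now owns r */
    return 0;
}

/* The target owns its regions, so one call releases the whole object graph. */
static void destroy_target(struct target *t)
{
    if (!t) return;
    for (struct region *r = t->regions, *next; r; r = next) {
        next = r->next;             /* save the link before freeing r */
        tracked_free(r);
    }
    tracked_free(t);
}

/* Runs one "test case"; returns how many objects it left allocated. */
static int run_case(int cleanup)
{
    int before = live_objects;
    struct target *t = new_target();
    if (!t) return -1;
    for (unsigned long i = 0; i < 3; i++)
        if (add_region(t, i * 100, i * 100 + 50)) break;
    if (cleanup)
        destroy_target(t);          /* the fix: free the regions and the target */
    return live_objects - before;   /* no cleanup: 1 target + 3 regions remain */
}

int main(void)
{
    printf("left allocated: %d without cleanup, %d with destroy_target\n", run_case(0), run_case(1));
    return 0;
}
```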

CVSS Scores

version 3.1